Field of the Invention
The present invention relates to an information processing system, an information processing method and a non-transitory computer-readable medium, and more particularly to processing for managing the expiration date of an electronic certificate used to enable single sign-on in a cloud service.
Description of the Related Art
Recently, many businesses provide services to consumers by using servers installed on the Internet, such as cloud-based services. These businesses provide a plurality of different services, and the consumers select a service that fits their needs from among the plurality of services and make a contract for the service that they need.
With such a service, when a service provider provides a service to a consumer company, the service provider creates a new tenant and assigns the tenant to the consumer company. Also, an initial user for managing the newly created tenant on the consumer company side is created and registered in the tenant. Then, an administrator on the consumer company side logs into the service as the created initial user so as to make necessary settings including adding users to the assigned tenant, and thereby the consumer company can start using the service.
Meanwhile, Single Sign-On (hereinafter, referred to as “SSO”) using the Security Assertion Markup Language (hereinafter, referred to as “SAML”) is conventionally known as a technique for sharing authentication among a plurality of servers that are on different domains. A system that implements SAML includes a server group (Identity Provider, hereinafter, referred to as “IdP”) that provides an authentication function, and at least one server group (Service Provider, hereinafter, referred to as “SP”) that provides a function in reliance on the result (assertion) of authentication performed by the IdP.
The SSO using the SAML is established based on the trust relationship between the IdP and the SP. Accordingly, it is necessary to establish in advance the trust relationship between the IdP and the SP before the SSO is implemented. The trust relationship is established by registering metadata and an electronic certificate in the SP, the metadata being data in which a scheme for performing SSO defined by the SAML protocol is written. In a cloud-based system, generally, the aforementioned metadata and electronic certificate are registered for each tenant, and thus settings need to be made for each consumer company.
The aforementioned electronic certificate has an expiration date, and therefore needs to be updated regularly. The expiration date of the electronic certificate is often set to as long as about two years, which makes it difficult for the person of the consumer company who is in charge of making settings to remember when the update is due and to change the settings. Also, the operation of changing settings requires a high level of skill, and therefore it is often the case that the operation is outsourced to the sales agent who is providing the license to the consumer. In this case, there is a need for the sales agent to offer a re-registration operation to the consumer so as to perform the re-registration operation on the consumer's behalf when the certificate has expired.
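As an added illustration (not part of the original text), the following shell functions check, tenant by tenant, whether the IdP certificate registered with the SAML metadata expires within a warning window, using `openssl x509 -checkend`. The function names, the layout `<root>/<tenant>/idp-metadata.xml`, the tenant names, the assumption that the certificate is embedded in the metadata, and the self-signed sample certificates are all constructed for this example.

```bash
# Print the certificate carried in SAML metadata file $1 as PEM
# (assumes a single X509Certificate element).
metadata_cert_pem() {
  local b64
  b64=$(tr -d ' \t\r\n' < "$1" |
    sed -n 's|.*X509Certificate>\([A-Za-z0-9+/=]\{1,\}\)</.*|\1|p')
  [ -n "$b64" ] || return 2
  printf '%s\n' '-----BEGIN CERTIFICATE-----'
  printf '%s\n' "$b64" | fold -w 64
  printf '%s\n' '-----END CERTIFICATE-----'
}

# Exit 0 if the certificate in $1 is still valid $2 days from now.
cert_valid_in_days() {
  local pem
  pem=$(metadata_cert_pem "$1") || return 2
  printf '%s\n' "$pem" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Print each tenant under $1 whose certificate expires within $2 days.
# The layout <root>/<tenant>/idp-metadata.xml is assumed for this example.
expiring_tenants() {
  local f
  for f in "$1"/*/idp-metadata.xml; do
    [ -e "$f" ] || continue
    cert_valid_in_days "$f" "$2" || basename "$(dirname "$f")"
  done
}

# Constructed sample: tenant $2 under $1, self-signed certificate valid $3 days,
# wrapped in metadata trimmed down to the signing key descriptor.
make_sample_tenant() {
  local dir="$1/$2"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2-idp.example" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
  {
    printf '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
    printf ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://%s-idp.example">' "$2"
    printf '<IDPSSODescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>\n'
    grep -v -- '-----' "$dir/cert.pem"
    printf '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>\n'
  } > "$dir/idp-metadata.xml"
}

root=$(mktemp -d)
make_sample_tenant "$root" tenant-a 400
make_sample_tenant "$root" tenant-b 20
expiring_tenants "$root" 60   # prints tenant-b
rm -rf "$root"
```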
Conventionally, a method has been proposed in which the email address of the responsible contact person at each consumer company is registered in advance, and a notification is sent to the email addresses (see, for example, Japanese Patent Laid-Open No. 2002-222306).
The conventional method, however, has the following problems. For example, because the validity period of the electronic certificate is long, the responsible contact person of the sales agent for each consumer may be changed to a different person in the meantime. Accordingly, it is necessary to change the notification destination settings each time the responsible contact person is changed, which is troublesome. Also, if making a change in the notification destination settings is forgotten, there is a possibility that, at the time when a notification is actually sent, the responsible contact person is no longer working and thus the notification is not received. A method is conceivable in which sales agents are set in advance, and notifications are sent to all users of the sales agents. However, among the users of cloud service sales agents that provide a plurality of services, there are those who handle services that do not require SSO, and as a result, unnecessary notifications are created.